jesus/ontoref
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ontoref/reflection/migrations/0003-manifest-self-interrogation.ncl
Jesús Pérez 82a358f18d
Some checks failed
Nickel Type Check / Nickel Type Checking (push) Has been cancelled
Details
Rust CI / Security Audit (push) Has been cancelled
Details
Rust CI / Check + Test + Lint (push) Has been cancelled
Details
feat: #[onto_mcp_tool] catalog, OCI credential vault layer, validate ADR-018 mode hierarchy 
ontoref-derive: #[onto_mcp_tool] attribute macro registers MCP tool unit-structs in
  the catalog at link time via inventory::submit!; annotated item is emitted unchanged,
  ToolBase/AsyncTool impls stay on the struct. All 34 tools migrated from manual wiring
  (net +5: ontoref_list_projects, ontoref_search, ontoref_describe,
  ontoref_list_ontology_extensions, ontoref_get_ontology_extension).

  validate modes (ADR-018): reads level_hierarchy from workflow.ncl and checks every
  .ncl mode for level declared, strategy declared, delegate chain coherent, compose
  extends valid. mode resolve <id> shows which hierarchy level handles a mode and why.
  --self-test generates synthetic fixtures in a temp dir for CI smoke-testing.

  validate run-cargo: two-step Cargo.toml resolution — workspace layout first
  (crates/<check.crate>/Cargo.toml), single-crate fallback by package name or repo
  basename. Lets the same ADR constraint shape apply to workspace and single-crate repos.

  ontology/schemas/manifest.ncl: registry_topology_type contract — multi-registry
  coordination, push targets, participant scopes, per-namespace capability.

  reflection/requirements/base.ncl: oras ≥1.2.0, cosign ≥2.0.0, sops ≥3.9.0, age
  ≥1.1.0, restic declared as Hard/Soft requirements with version_min, check_cmd, and
  install_hint (ADR-017 toolchain surface).

  ADR-019: per-file recipient routing for tenant isolation without multi-vault. Schema
  additions: sops.recipient_groups + sops.recipient_rules in ontoref-project.ncl.
  secrets-bootstrap generates .sops.yaml from project.ncl in declarative mode. Three
  new secrets-audit checks: recipient-routing-coherent, recipient-routing-coverage,
  no-multi-vault. Adoption templates: single-team/, multi-tenant/, agent-first/.
  Integration templates: domain-producer/, mode-producer/, mode-consumer/.

  UI: project_picker surfaces registry badge (⟳ participant) and vault badge
  (⛁ vault_id · N, green=declarative / amber=legacy) per project card. Expanded panel
  adds collapsible Registry section with namespace, endpoint, and push/pull capability.
  manage.html gains Runtime Services card — MCP and GraphQL toggleable without restart
  via HTMX POST /ui/manage/services/{service}/toggle.

  describe.nu: capabilities JSON includes registry_topology and vault_state per project.
  sync.nu: drift check extended to detect //! absence on newly registered crates.
  qa.ncl: six entries — credential-vault-best-practice (layered data-flow diagram),
  credential-vault-templates (paths A/B/C), credential-vault-troubleshooting (15 named
  errors), integration-what-and-why (ADR-042 OCI federation), integration-how-to-implement,
  integration-troubleshooting.

  on+re: core.ncl + manifest.ncl updated to reflect OCI, MCP, and mode-hierarchy nodes.
  Deleted stale presentation assets (2026-02 slides + voice notes).
2026-05-12 04:46:15 +01:00

52 lines
1.9 KiB
Text
Raw Blame History

{
id = "0003",
slug = "manifest-self-interrogation",
description = "Populate capabilities[], requirements[], and critical_deps[] in manifest.ncl",
check = {
tag = "Grep",
pattern = "make_capability",
paths = [".ontology/manifest.ncl"],
must_be_empty = false,
},
instructions = "
Open .ontology/manifest.ncl and populate three arrays.
capabilities[] — what the project offers (2-6 entries, audience-facing):
m.make_capability {
id = \"kebab-id\",
name = \"Short Name\",
summary = \"One line: what this does.\",
rationale = \"Why it exists. What was rejected.\",
how = \"Key patterns, entry points, data flows.\",
artifacts = [\"crates/foo/\", \"GET /api/foo\"],
adrs = [], # ADR IDs that formalize decisions here
nodes = [], # node IDs from .ontology/core.ncl
}
requirements[] — prerequisites to run (one per tool/service/envvar):
m.make_requirement {
id = \"kebab-id\",
name = \"Human Name\",
env = 'Both, # 'Production | 'Development | 'Both
kind = 'Tool, # 'Tool | 'Service | 'EnvVar | 'Infrastructure
version = \"\",
required = true,
impact = \"What breaks if absent.\",
provision = \"How to install or set.\",
}
critical_deps[] — load-bearing external deps with documented blast radius:
m.make_critical_dep {
id = \"kebab-id\",
name = \"crate-or-service\",
ref = \"crates.io: foo\",
used_for = \"Which capabilities depend on this.\",
failure_impact = \"What breaks if this dep disappears.\",
mitigation = \"Feature flags, fallback builds, alternatives.\",
}
Verify:
nickel export --import-path \"$NICKEL_IMPORT_PATH\" .ontology/manifest.ncl \\
| jq '{capabilities: (.capabilities|length), requirements: (.requirements|length), critical_deps: (.critical_deps|length)}'
",
}
Reference in a new issue View git blame Copy permalink